Yaksas Security

Red Team Operations Attack Lifecycle

Uday Mittal January 3, 2021

This post is part of our course Adversary Emulation 101: Mimicking a real-world cyber attack.

The lifecycle consists of the following phases. Phases 3 to 6 are cyclic: they are repeated for each newly compromised host until the attacker reaches their objective.

  1. Recon (Information Gathering) – In this phase, publicly available information about the target organization (website, company profile, social media pages, employee profiles, etc.) is gathered.
  2. Initial Compromise (Foothold) – In this phase, the information from the Recon phase is analysed to identify and exploit a vulnerability, or to launch a phishing attack, that establishes a foothold within the target network.
  3. Privilege Escalation – In this phase, the attacker attempts to escalate privileges to an administrator (Windows) or root (Linux) account on the compromised host. Usually, this is done each time a new host is compromised.
  4. Establishing Persistence – In this phase, the attacker installs a persistence mechanism (usually a Command and Control (C2) agent) to maintain presence in the target network. This lets the attacker regain access to the compromised host if the original connection dies, without having to exploit it again. Usually, this is done each time a new host is compromised.
  5. Internal Recon – In this phase, the attacker leverages the compromised host to gather information about the internal network. Usually, this is done each time a new host is compromised that is thought to have access to additional resources. For example, if an attacker compromises an Active Directory domain-joined machine, they can use that machine to enumerate the Active Directory domain.
  6. Lateral Movement – In this phase, the attacker expands their access by compromising additional hosts within the target network. The information collected during the Internal Recon phase is leveraged here.
  7. Data Analysis – As new hosts are compromised, the attacker searches each of them for information of interest (employee records, financial statements, PII, credit card information, customer databases, etc.).
  8. Exfiltration – Anything the attacker deems useful is pulled out of the target network and downloaded to the attacker's machine (or another location of their choosing).
  9. Deleting Footprints – Once the attacker has achieved their objective, they delete the files, logs, emails, etc. that they created during the exercise to hide their presence. Note that cleanup is itself observable: clearing the Windows Security log, for instance, writes event ID 1102 to that same log, so a careful attacker removes only the artefacts they created rather than wiping whole logs.

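As an added example of the Internal Recon phase (this is not code from the original post), the script below enumerates an Active Directory domain from an already-compromised, domain-joined Windows host. It assumes only that it runs in the security context of an authenticated domain user; the `Invoke-AdsiQuery` helper and the specific LDAP filters are my own choices. It uses the built-in `[adsisearcher]` type accelerator (a wrapper around .NET's `System.DirectoryServices.DirectorySearcher`), so nothing has to be dropped on the host.

```powershell
# Added example, not from the original post: Internal Recon (phase 5)
# against Active Directory from an already-compromised, domain-joined host.
# Assumption: runs as any authenticated domain user on a domain-joined
# Windows machine. [adsisearcher] wraps the built-in .NET
# System.DirectoryServices.DirectorySearcher, so no extra tooling is needed.

function Invoke-AdsiQuery {
    param(
        [Parameter(Mandatory)] [string]   $Filter,
        [Parameter(Mandatory)] [string[]] $Properties
    )
    $searcher = [adsisearcher] $Filter   # search root defaults to the current domain
    $searcher.PageSize = 1000            # paged results; otherwise the DC caps a search at 1000 entries
    $searcher.PropertiesToLoad.AddRange($Properties)
    foreach ($result in $searcher.FindAll()) {
        $row = [ordered] @{}
        foreach ($p in $Properties) {
            # multi-valued attributes (member, servicePrincipalName) are joined for display
            $row[$p] = @($result.Properties[$p]) -join '; '
        }
        [pscustomobject] $row
    }
}

# userAccountControl bit flags, matched with the LDAP bitwise-AND rule 1.2.840.113556.1.4.803
$UAC_ACCOUNTDISABLE   = 2
$UAC_SERVER_TRUST     = 8192       # set on domain controller computer accounts
$UAC_DONT_REQ_PREAUTH = 4194304    # AS-REP roastable users

'== Domain controllers =='
Invoke-AdsiQuery "(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=$UAC_SERVER_TRUST))" `
                 -Properties name, dNSHostName, operatingSystem | Format-Table -AutoSize

'== Members of Domain Admins =='
Invoke-AdsiQuery "(&(objectCategory=group)(sAMAccountName=Domain Admins))" -Properties member | Format-List

'== Servers (lateral movement targets) =='
Invoke-AdsiQuery "(&(objectCategory=computer)(operatingSystem=*Server*))" `
                 -Properties name, operatingSystem, lastLogonTimestamp | Format-Table -AutoSize

'== Enabled users with an SPN (Kerberoast candidates) =='
# user objects have objectCategory "person", so filter on objectClass=user as well
Invoke-AdsiQuery "(&(objectCategory=person)(objectClass=user)(servicePrincipalName=*)(!(sAMAccountName=krbtgt))(!(userAccountControl:1.2.840.113556.1.4.803:=$UAC_ACCOUNTDISABLE)))" `
                 -Properties sAMAccountName, servicePrincipalName | Format-Table -AutoSize

'== Users not requiring Kerberos pre-authentication (AS-REP roast candidates) =='
Invoke-AdsiQuery "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=$UAC_DONT_REQ_PREAUTH))" `
                 -Properties sAMAccountName | Format-Table -AutoSize
```

`lastLogonTimestamp` is returned as a raw FILETIME integer; convert it with `[datetime]::FromFileTime($value)` when you need a readable date (it is also only replicated every 9 to 14 days, so treat it as approximate). These queries are ordinary LDAP traffic from a domain member, but they are visible to the blue team if the domain controllers have LDAP search logging enabled (event ID 1644 with the "15 Field Engineering" diagnostic level raised) or run Microsoft Defender for Identity, which flags account and group enumeration from a single host.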
Uday Mittal

Uday Mittal is a cybersecurity professional with rich working experience working with various industries including telecom, publishing, consulting and finance. He holds internationally recognized certifications such as CRTP, OSCE, OSCP, CISSP, CISA, CISM, CRISC among others. He speaks on cybersecurity awareness, offensive security research etc. and has authored various articles on topics related to cyber security and software development for a leading magazine on open source software.

Filed Under: Adversary Emulation Tagged With: Penetration Testing, red team
